EisnerAmper LLP today released the results from its sixth Concerns About Risks Confronting Boards survey. The consistent trend, over all the surveys, is that reputational risk ranks as the top concern. Seventy-five percent of board members consider it of ‘Most Concern’ – its highest percentage ranking in three years.

However, as Charly Weinstein, EisnerAmper Chief Executive Officer noted, “Because social media and cybersecurity are intrinsically linked to a company’s reputation and image, organizations and boards should consider both as among the most important risks to manage and monitor. With today’s media capable of capturing every crisis occurring within organizations, it is becoming increasingly evident how connected reputation, cybersecurity and social media are in relation to risk.”

Weinstein goes on to state “The findings strongly reflect the accelerating pace of change facing directors. To fulfill their commitments to their stakeholders, board members need to ensure that their organizations are informed, educated and forward-focused.”

The survey results showed a broad trend of boards that identify risk – but take no action to manage that risk. While action may very well fall to those in the day-to-day operational roles, there seems to be little happening at the board level to encourage addressing the risks in a more comprehensive fashion. “Reputational risk is a severe threat to all companies, yet responses from board members indicate that reputational risk is so broad in scope – highly impacted by other risks like financial, product, cyber and more – that it is difficult to sufficiently address and prepare for the many types of reputational threats,” said Steven Kreit, an audit partner at EisnerAmper who has led the survey project since its inception.

Sample Survey Results

Social media is the current “wild west” of risks for boards. Shockingly, only six percent of boards feel as though they are well-versed in social media risk, and 67 percent of organizations are not engaging external consultants to monitor social media. The results indicate that boards may not fully understand the potential impact and harm social media can have on a company’s reputation.

Cybersecurity is the most recognized specific risk, emerging as a concern for 70 percent of respondents on public company boards. More than 95 percent of public companies either use internal audit or external auditors/consultants to monitor cyber risk. However, only 24 percent feel their boards are well-versed in understanding cybersecurity risk and another 10 percent feel that they are falling short of fully understanding the risk.

What issues cause the most concern today? The top four: Reputational Risk 75%, Cyber Security/IT Risk 61%, Regulatory Compliance Risk 53%, Senior Management Succession Planning 51%, with these rankings remaining generally constant over the past three years across public, private and not-for-profit boards.

Who Manages Risk in Corporate America

The survey addressed how well companies identify and address risk. 78 percent of public company directors said their firms employ personnel in an active internal audit function; and 71 percent say that internal audit have been helpful or very helpful in identifying risk. Further, 92 percent of board members say that regular board meetings address risk well or very well; 84 percent say that external auditors address risk well or very well; and 86 percent say that the legal and compliance group address risk well or very well.

While boards govern an organization and set strategy, management executes the strategy. The survey asked directors if they feel their CEOs have a strong understanding of topics related to risk. For the past three years, cyber and social have been the two areas where boards feel that CEOs are not managing as well as others. The trend continues this year with at least 25 percent of board members feeling that the CEO is not managing these issues well. Yet, they are also the two areas where boards feel CEOs should have more responsibility.

The survey concludes by noting that while companies are beginning to take the proper steps to prepare for a reputational crisis by having plans in place, providing training and employing an internal audit function, fewer than 50 percent of respondents feel they are “well-versed” in the issues.

Methodology

The survey measures the opinions of directors serving on the boards of more than 300 publicly traded, private, not-for-profit, and private equity-owned companies across a variety of industries. Evaluations of the responses were also based on the organization’s revenue as well as a comparison of past year’s data. Directors were polled via a web-based survey, sent to select EisnerAmper contacts and members of the NACD Directorship database.

Have Questions or Comments?

If you have any questions about this media item, we'd like to hear your opinion. Please share your thoughts with us.

EisnerAmper LLP is among the nation’s largest full-service advisory and accounting firms. We provide audit, accounting, and tax services to a broad range of clients across many industries. We work with businesses of all sizes, including more than 200 public companies, as well as with high net worth individuals and family offices. We serve thousands of financial entities spanning the hedge, private equity and venture fund space. EisnerAmper can assist boards and CEOs with identifying organizational risk, including cybersecurity, social media and senior management succession planning.